0d33d7fc24a48c510c8e82faceb51ccdae3fff9164c83c241dea4976946a66ab

Sharing

Copy URL Twitter E-mail

General

Target

0d33d7fc24a48c510c8e82faceb51ccdae3fff9164c83c241dea4976946a66ab
Size

3.1MB
MD5

a01daa3e01e3aa7c348cc64aa219cdb1
SHA1

d522d70e00b825947ef744c09be607c53b5c81c2
SHA256

0d33d7fc24a48c510c8e82faceb51ccdae3fff9164c83c241dea4976946a66ab
SHA512

3f650d00b9adabc531c3d4539b6ea5cb421cb5a7fd5ce3f4b34cceb9b8c6b8a623a1be9abdbbed6613a8f74d06acbb9153a410abb16f02fd69d05a273425d460
SSDEEP

49152:DcBxFdZHZRDsxvPZgvyu0QpQCCLMG9F5:DcXFdNwhPZg6L

Score

N/A

Malware Config

Signatures

Files

0d33d7fc24a48c510c8e82faceb51ccdae3fff9164c83c241dea4976946a66ab
.exe windows x86

41f02b07f4afbc5cd186a113fdb11503

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getsockname
getpeername
shutdown
closesocket
ntohl
ntohs
accept
__WSAFDIsSet
bind
listen
WSAStartup
socket
setsockopt
htons
connect
getsockopt
ioctlsocket
gethostbyname
WSACleanup
recv
send
WSAGetLastError
inet_ntoa
select
inet_addr
htonl

crypt32

CryptProtectData
CryptUnprotectData
CertFindCertificateInStore
CertGetNameStringA
CertOpenStore

iphlpapi

NotifyAddrChange
GetIpNetTable
GetIpAddrTable
GetPerAdapterInfo
GetAdaptersInfo
GetExtendedTcpTable
GetNetworkParams
CancelIPChangeNotify

winhttp

WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpSetOption
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetStatusCallback
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpOpen

advapi32

GetAce
SetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountSidW
ConvertSidToStringSidA
EqualSid
ControlService
DeleteService
CreateServiceA
OpenServiceA
ChangeServiceConfigA
ChangeServiceConfig2A
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExW
OpenProcessToken
OpenThreadToken
GetTokenInformation
LookupAccountNameA
AddAccessAllowedAce
InitializeAcl
RegSetValueExW
AllocateAndInitializeSid
CreateWellKnownSid
SetEntriesInAclA
RegSetKeySecurity
FreeSid
RegDeleteValueA
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
OpenSCManagerA
EnumServicesStatusExA
CloseServiceHandle
GetAclInformation
AddAce
SetSecurityDescriptorDacl

user32

GetProcessWindowStation
GetUserObjectInformationW
PostThreadMessageA
LoadStringA
CharNextW
MessageBoxA
CharUpperA
GetMessageA
TranslateMessage
DispatchMessageA
CharNextA
wsprintfA
UnregisterDeviceNotification
RegisterDeviceNotificationA
GetDesktopWindow

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

statusstrings

GetStatusString

xerces-c_2_7

?fgXercescDefaultLocale@XMLUni@xercesc_2_7@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_7@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@_N@Z
?elementTypeInfo@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?startInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?attDef@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?doctypeComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@QB_W1_N2@Z
?doctypePI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI@Z
?elementDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@_N@Z
?endAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?endIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDEntityDecl@2@_N1@Z
?resetDocType@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?notationDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLNotationDecl@2@_N@Z
?startAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?startIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?TextDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?handleElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?Terminate@XMLPlatformUtils@xercesc_2_7@@SAXXZ
?handleAttributesPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIAttributeList@2@@Z
??1XercesDOMParser@xercesc_2_7@@UAE@XZ
?fgDOMXMLDeclaration@XMLUni@xercesc_2_7@@2QB_WB
?XMLDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W000@Z
?startEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?startElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@IQB_WABV?$RefVectorOf@VXMLAttr@xercesc_2_7@@@2@I_N3@Z
?startDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?resetDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?ignorableWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
?endEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?endElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@I_NQB_W@Z
?endDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?docPI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?docComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?docCharacters@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
??0MemBufInputSource@xercesc_2_7@@QAE@QBEIQBD_NQAVMemoryManager@1@@Z
??0XercesDOMParser@xercesc_2_7@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?setDoSchema@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?setExternalNoNamespaceSchemaLocation@AbstractDOMParser@xercesc_2_7@@QAEXQBD@Z
?parse@AbstractDOMParser@xercesc_2_7@@QAEXABVInputSource@2@@Z
?getMessage@DOMException@xercesc_2_7@@QBEPB_WXZ
?getMessage@XMLException@xercesc_2_7@@QBEPB_WXZ
?transcode@XMLString@xercesc_2_7@@SAPA_WQBD@Z
?release@XMLString@xercesc_2_7@@SAXPAPA_W@Z
?transcode@XMLString@xercesc_2_7@@SAPADQB_W@Z
?release@XMLString@xercesc_2_7@@SAXPAPAD@Z
??3XMemory@xercesc_2_7@@SAXPAX@Z
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?resetEntities@XercesDOMParser@xercesc_2_7@@UAEXXZ
?expandSystemId@XercesDOMParser@xercesc_2_7@@UAE_NQB_WAAVXMLBuffer@2@@Z
?setPSVIHandler@AbstractDOMParser@xercesc_2_7@@UAEXQAVPSVIHandler@2@@Z
?createElementNSNode@AbstractDOMParser@xercesc_2_7@@MAEPAVDOMElement@2@PB_W0@Z
?error@XercesDOMParser@xercesc_2_7@@UAEXIQB_WW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?resetErrors@XercesDOMParser@xercesc_2_7@@UAEXXZ
?handlePartialElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?endInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?getDocument@AbstractDOMParser@xercesc_2_7@@QAEPAVDOMDocument@2@XZ
??1MemBufInputSource@xercesc_2_7@@UAE@XZ
?getRawBuffer@MemBufFormatTarget@xercesc_2_7@@QBEPBEXZ
??0MemBufFormatTarget@xercesc_2_7@@QAE@HQAVMemoryManager@1@@Z
??2XMemory@xercesc_2_7@@SAPAXI@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_7@@2PAVMemoryManager@2@A
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_7@@SAPAVDOMImplementation@2@PB_W@Z
?writeChars@MemBufFormatTarget@xercesc_2_7@@UAEXQBEIQAVXMLFormatter@2@@Z
?flush@XMLFormatTarget@xercesc_2_7@@UAEXXZ
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@QB_W00@Z
??1MemBufFormatTarget@xercesc_2_7@@UAE@XZ

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

TlsFree
SetHandleCount
GetACP
VirtualFree
IsValidCodePage
SetStdHandle
GetStringTypeA
GetStringTypeW
HeapCreate
LCMapStringW
LCMapStringA
FindFirstFileW
GetDriveTypeW
ExitProcess
GetOEMCP
UnlockFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
FlushFileBuffers
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
InitializeCriticalSectionAndSpinCount
GetFullPathNameW
CreateFileW
LockFile
SetConsoleMode
ReadConsoleInputA
ExitThread
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
SetConsoleCtrlHandler
GetStartupInfoA
GetCurrentDirectoryA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetCPInfo
GetSystemTimeAsFileTime
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
ReleaseSemaphore
CreateSemaphoreA
TlsGetValue
DuplicateHandle
TlsSetValue
TlsAlloc
CreateMutexA
SetThreadPriority
ResumeThread
OutputDebugStringA
InterlockedExchange
FlushConsoleInputBuffer
GetVersionExA
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetStdHandle
GetFileType
GetVersion
OpenEventA
ResetEvent
WaitForMultipleObjects
OpenProcess
CreateThread
GetModuleHandleW
GetCurrentThreadId
GetCommandLineA
SetErrorMode
RaiseException
GetSystemDefaultLCID
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
WideCharToMultiByte
lstrlenW
GetComputerNameA
GlobalAlloc
GlobalFree
LocalAlloc
lstrlenA
GetModuleFileNameA
SetEvent
GetSystemTime
GetCurrentThread
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
Sleep
CloseHandle
GetLastError
GetOverlappedResult
WaitForSingleObject
ReadFile
CreateEventA
WriteFile
DeviceIoControl
FormatMessageA
GetModuleHandleA
GetProcAddress
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
ReleaseMutex
SetLastError
LocalFree
FreeLibrary
GetCurrentProcess
LoadLibraryA

shell32

SHGetFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoRevertToSelf
CoImpersonateClient
CoTaskMemFree

oleaut32

LoadTypeLi
SafeArrayPutElement
SysFreeString
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SafeArrayCreate
SafeArrayDestroy
SafeArrayUnlock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
VarUI4FromStr
LoadRegTypeLi
SysStringLen
VariantChangeType
SafeArrayGetVartype
SafeArrayCreateVector
SafeArrayCopy
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi

ws2_32

WSASetLastError
WSACreateEvent
getnameinfo

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 540KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

41f02b07f4afbc5cd186a113fdb11503

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

crypt32

iphlpapi

winhttp

advapi32

user32

rpcrt4

setupapi

statusstrings

xerces-c_2_7

version

kernel32

shell32

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 431KB - Virtual size: 431KB

.data Size: 116KB - Virtual size: 148KB

.rsrc Size: 26KB - Virtual size: 26KB

.vmp1 Size: 540KB - Virtual size: 1.6MB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 431KB - Virtual size: 431KB

.data
Size: 116KB - Virtual size: 148KB

.rsrc
Size: 26KB - Virtual size: 26KB

.vmp1
Size: 540KB - Virtual size: 1.6MB